基于增量集成学习的动态自适应SDN入侵检测方法*
投稿时间:2020-06-30  修订日期:2020-07-15  点此下载全文
引用本文:
摘要点击次数: 38
全文下载次数: 0
作者单位E-mail
陈昌娜 广州供电局有限公司 277431493@qq.com 
李昭桦 中国能源建设集团广东省电力设计研究院有限公司  
基金项目:广州供电局有限公司《基于SDN控制器的数据网可视化流量调度技术研究及应用》(GZHKJXM20170117)
中文摘要:随着SDN网络应用的推广,SDN网络的安全也越来越受到重视,基于模式识别的网络入侵检测由于无法一次性收集完备的训练数据集,使得对未知的入侵行为识别率不高。为提高入侵检测系统的自适应性,本文提出增量集成学习算法,并用该算法解决SDN入侵检测问题,该算法利用滑动窗口法获得数据块,对新的数据块进行训练获得子分类器,然后依据在历史数据块和当前数据块的分类结果筛选子分类器进行集成,使得分类模型不断完善从而能够自适应的识别未知攻击行为。通过在NSL-KDD数据集上的实验结果可以看到,该算法可以提高未知攻击的识别率。
中文关键词:增量学习  集成学习  入侵检测  软件定义网络
 
A dynamic adaptive SDN intrusion detection method based on incremental ensemble learning
Abstract:With the popularization of SDN network application, the security of SDN network has been paid more and more attention. Because the network intrusion detection method based on pattern recognition cannot collect complete training dataset at one time, the recognition rate of intrusion detection model for unknown intrusion behavior is not high. In order to improve the adaptability of intrusion detection system, this paper proposes an incremental ensemble learning algorithm and uses it to solve the problem of SDN intrusion detection. The proposed algorithm uses sliding window method to obtain data blocks and trains data blocks to obtain sub classifiers. Then it selects sub-classifiers according to the classification results of historical data blocks and current data blocks for integration, so that the classification model is constantly improved and can identify unknown attack behavior adaptively. The experimental results on the NSL-KDD dataset show that the algorithm can improve the recognition rate of unknown attacks.
keywords:Ensemble Learning  Incremental Learning  Intrusion detection  Software Defined Network
查看全文   查看/发表评论   下载pdf阅读器